Neutron is one of the important component in OpenStack, it allows us to create or attach interface device to networks, follow this guide to configure Neutron (Networking) in your environment. Neutron manages all networking related things that we need for Virtual Networking Infrastructure, it provides the networks, subnets, and router object abstractions.
We must choose any one of the following network option to go ahead for configuring OpenStack.
Networking Option 1: Provider networks
Networking Option 2: Self-service networks
To know more about these, click here.
Here, we are going to use Self-service networks.
Install and configure controller node:
Before we configure Neutron service, we must create a database, service, and API endpoint. To do that, login as the root into MySQL server.
# mysql -u root -p
Create the neutron database.
CREATE DATABASE neutron;
Grant a proper permission to the neutron database.
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'password'; GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'password';
Replace “password” with a suitable password. Exit from MySQL.
Load your admin credential from the environment script.
# source admin-openrc.sh
Create the neutron user for creating service credentials.
# openstack user create --password-prompt neutron User Password: Repeat User Password: +-----------+----------------------------------+ | Field | Value | +-----------+----------------------------------+ | domain_id | default | | enabled | True | | id | 91c75b24ce324309891f6a4ea8b33887 | | name | neutron | +-----------+----------------------------------+
Add the admin role to the neutron user.
# openstack role add --project service --user neutron admin
Create the neutron service entity.
# openstack service create --name neutron --description "OpenStack Neutron" network +-------------+----------------------------------+ | Field | Value | +-------------+----------------------------------+ | description | OpenStack Neutron | | enabled | True | | id | 1834077666c54c93821c95a03fa853a1 | | name | neutron | | type | network | +-------------+----------------------------------+
Create the neutron service API endpoint.
# openstack endpoint create --region RegionOne network public http://controller:9696 +--------------+----------------------------------+ | Field | Value | +--------------+----------------------------------+ | enabled | True | | id | c145840a76004e6d9e4bdccfb3603e84 | | interface | public | | region | RegionOne | | region_id | RegionOne | | service_id | 1834077666c54c93821c95a03fa853a1 | | service_name | neutron | | service_type | network | | url | http://controller:9696 | +--------------+----------------------------------+ # openstack endpoint create --region RegionOne network internal http://controller:9696 +--------------+----------------------------------+ | Field | Value | +--------------+----------------------------------+ | enabled | True | | id | d2305c57e55341fcbfbc1bd91c4d6378 | | interface | internal | | region | RegionOne | | region_id | RegionOne | | service_id | 1834077666c54c93821c95a03fa853a1 | | service_name | neutron | | service_type | network | | url | http://controller:9696 | +--------------+----------------------------------+ # openstack endpoint create --region RegionOne network admin http://controller:9696 +--------------+----------------------------------+ | Field | Value | +--------------+----------------------------------+ | enabled | True | | id | 2dadc6ded42a4db3bf217d1abad22f15 | | interface | admin | | region | RegionOne | | region_id | RegionOne | | service_id | 1834077666c54c93821c95a03fa853a1 | | service_name | neutron | | service_type | network | | url | http://controller:9696 | +--------------+----------------------------------+
Install and configure Networking components on the controller node:
# apt-get install neutron-server neutron-plugin-ml2 neutron-plugin-linuxbridge-agent neutron-l3-agent neutron-dhcp-agent neutron-metadata-agent python-neutronclient conntrack
Edit the /etc/neutron/neutron.conf.
# nano /etc/neutron/neutron.conf
Modify the below settings and make sure to place a entries in the proper sections.
[DEFAULT] ... core_plugin = ml2 service_plugins = router allow_overlapping_ips = True rpc_backend = rabbit auth_strategy = keystone notify_nova_on_port_status_changes = True notify_nova_on_port_data_changes = True nova_url = http://controller:8774/v2 verbose = True ## Replace "controller" with hostname of openstack controller [oslo_messaging_rabbit] ... rabbit_host = controller rabbit_userid = openstack rabbit_password = password ## Replace "password" with the password you chose for the openstack account in RabbitMQ ## Replace "controller" with hostname of openstack controller [database] ... connection = mysql+pymysql://neutron:password@controller/neutron ## Replace "password" with the password you chose for neutron database ## Commentout any other MySQL connections [keystone_authtoken] ... auth_uri = http://controller:5000 auth_url = http://controller:35357 auth_plugin = password project_domain_id = default user_domain_id = default project_name = service username = neutron password = password ## Replace "password" with the password you chose for neutron user in the identity service. ## Commentout other authentication details. [nova] ... auth_url = http://controller:35357 auth_plugin = password project_domain_id = default user_domain_id = default region_name = RegionOne project_name = service username = nova password = password ## Replace "password" with the password you chose for nova user in the identity service.
Configure Modular Layer 2 (ML2) plugin:
Edit the /etc/neutron/plugins/ml2/ml2_conf.ini file
# nano /etc/neutron/plugins/ml2/ml2_conf.ini
Modify the following stanzas.
[ml2] ... type_drivers = flat,vlan,vxlan tenant_network_types = vxlan mechanism_drivers = linuxbridge,l2population extension_drivers = port_security [ml2_type_flat] ... flat_networks = public [ml2_type_vxlan] ... vni_ranges = 1:1000 [securitygroup] ... enable_ipset = True
Configure the Linux bridge agent:
To configure the Linux bridge agent, edit /etc/neutron/plugins/ml2/linuxbridge_agent.ini on the controller node.
# nano /etc/neutron/plugins/ml2/linuxbridge_agent.ini
Do the changes on the file like below.
[linux_bridge] physical_interface_mappings = public:eth1 ## Replace "eth1" with the name of the physical public facing network interface. [vxlan] enable_vxlan = True local_ip = 192.168.12.21 l2_population = True ## Replace "192.168.12.21" with the management ip-address of the controller. [agent] ... prevent_arp_spoofing = True [securitygroup] ... enable_security_group = True firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
Configure the layer-3 agent:
Edit the /etc/neutron/l3_agent.ini file
# nano /etc/neutron/l3_agent.ini
Modify the file as below.
[DEFAULT] ... interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver external_network_bridge = verbose = True
Configure the DHCP agent:
Edit the /etc/neutron/dhcp_agent.ini file.
# nano /etc/neutron/dhcp_agent.ini
Make relevant changes to file as like below.
[DEFAULT] ... interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq enable_isolated_metadata = True verbose = True dnsmasq_config_file = /etc/neutron/dnsmasq-neutron.conf
Now create the /etc/neutron/dnsmasq-neutron.conf file to enable the DHCP MTU option (26) and configure it to 1450 bytes:
# nano /etc/neutron/dnsmasq-neutron.conf
Place below line on to it.
dhcp-option-force=26,1450
Configure the metadata agent:
Edit the /etc/neutron/metadata_agent.ini file on the controller node.
# nano /etc/neutron/metadata_agent.ini
Make changes accordingly.
[DEFAULT] ... auth_uri = http://controller:5000 auth_url = http://controller:35357 auth_region = RegionOne auth_plugin = password project_domain_id = default user_domain_id = default project_name = service username = neutron password = password ## Replace "password" with the password you chose for the neutron user in the Identity service. ## Commentout other authentication details. nova_metadata_ip = controller metadata_proxy_shared_secret = METADATA_SECRET ## Replace METADATA_SECRET with a suitable secret for the metadata proxy. generate using # openssl rand -hex 10 verbose = True
To finish the installation, populate the database.
# su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
Restart the Compute API service.
# service nova-api restart
Restart the Networking services.
# service neutron-server restart # service neutron-plugin-linuxbridge-agent restart # service neutron-dhcp-agent restart # service neutron-metadata-agent restart # service neutron-l3-agent restart
By default, the Ubuntu packages create an SQLite database. you can remove the SQLite database file.
# rm -f /var/lib/neutron/neutron.sqlite
Verify it by listing loaded extensions.
# neutron ext-list +-----------------------+-----------------------------------------------+ | alias | name | +-----------------------+-----------------------------------------------+ | dns-integration | DNS Integration | | ext-gw-mode | Neutron L3 Configurable external gateway mode | | binding | Port Binding | | agent | agent | | subnet_allocation | Subnet Allocation | | l3_agent_scheduler | L3 Agent Scheduler | | external-net | Neutron external network | | flavors | Neutron Service Flavors | | net-mtu | Network MTU | | quotas | Quota management support | | l3-ha | HA Router extension | | provider | Provider Network | | multi-provider | Multi Provider Network | | extraroute | Neutron Extra Route | | router | Neutron L3 Router | | extra_dhcp_opt | Neutron Extra DHCP opts | | security-group | security-group | | dhcp_agent_scheduler | DHCP Agent Scheduler | | rbac-policies | RBAC Policies | | port-security | Port Security | | allowed-address-pairs | Allowed Address Pairs | | dvr | Distributed Virtual Router | +-----------------------+-----------------------------------------------+
That’s All!. It’s time to Install and configure compute node to work with Neutron component.
